Add a Caldera service to the Docker setup #313

Open. Wants to merge 1 commit into base: development.
26 changes: 22 additions & 4 deletions deployments/docker/soarca/docker-compose.yml
@@ -1,4 +1,3 @@
version: '3.7'
services:
mongodb_container:
image: docker.io/mongo:latest
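Review bot: removing `version: '3.7'` is harmless for the Compose v2 plugin (`docker compose`), which ignores the key, but the legacy `docker-compose` v1 binary needs it to parse a file with a top-level `services:` key; either keep the line or state the required Compose version in the getting-started docs touched by this PR.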
@@ -13,6 +12,23 @@ services:
source: mongodb_data_container
target: /data/db

caldera:
image: soarca-caldera
build: https://github.com/mitre/caldera.git
networks:
- caldera-net
ports:
- "8888:8888"
- "8443:8443"
- "7010:7010"
- "7011:7011/udp"
- "7012:7012"
- "8853:8853"
- "8022:8022"
- "2222:2222"
profiles:
- caldera

mosquitto:
image: docker.io/eclipse-mosquitto
container_name: mosquitto
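Review bot: `build: https://github.com/mitre/caldera.git` builds whatever the repository's default branch holds at build time, so two builds of the same compose file can yield different images; pin a release tag or commit (Compose accepts a `#ref` suffix on a git build context). Separately, every Caldera port (8888, 8443, 7010, 7011/udp, 7012, 8853, 8022, 2222) is published on all interfaces, while SOARCA itself is bound to `127.0.0.1:8080:8080` further down in this file; given that the docs in this PR say Caldera runs with default credentials, use the same `127.0.0.1:` prefix at least for the 8888 admin UI, and publish only the listener ports an operator actually needs.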
@@ -64,9 +80,13 @@ services:
THEHIVE_ACTIVATE: false
THEHIVE_API_TOKEN: your_token
THEHIVE_API_BASE_URL: http://localhost:9000/api/v1/
CALDERA_HOST: "calera"
CALDERA_PORT: "8888"
CALDERA_API_KEY: "ADMIN123"
networks:

Collaborator

Maybe choose a bit longer password as this is easily crackable (I know someone needs to pick it themselves), but make it harder to guess.

- db-net
- mqtt-net
- caldera-net
ports:
- 127.0.0.1:8080:8080
depends_on:
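Review bot: `CALDERA_HOST: "calera"` does not match the service name `caldera` added earlier in this file, so SOARCA will not resolve the Caldera container; fix the typo. The docs hunk in this PR shows `CALDERA_HOST` as a full URL (`http://caldera.mydomain.com`) while this value is a bare hostname; settle on one form and document it. `CALDERA_API_KEY: "ADMIN123"` is the default Caldera ships with (the docs in this PR note Caldera runs with default credentials), which is what the comment above objects to; a placeholder the user must replace avoids a deployment that works with a shared, well-known key.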
@@ -76,7 +96,7 @@ services:
networks:
db-net:
mqtt-net:

caldera-net:

volumes:
mongodb_data_container:
@@ -88,5 +108,3 @@ volumes:
o: bind
mosquitto_data:
mosquitto_log:


46 changes: 42 additions & 4 deletions docs/content/en/docs/getting-started/_index.md
@@ -30,7 +30,7 @@ make build && ./build/soarca
wget https://github.com/COSSAS/SOARCA/releases/download/SOARCA_1.0.0/SOARCA_1.0.0_linux_amd64.tar.gz && tar -xvf SOARCA* && ./SOARCA
{{< /tab >}}
{{< tab header="Docker Compose" lang="sh" >}}
cd docker/soarca && sudo docker compose up -d
cd docker/soarca && docker compose up -d

Collaborator

Please don't remove this as many users don't have sudoless docker

{{< /tab >}}
{{< /tabpane >}}

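Review bot: dropping `sudo` here contradicts the collaborator's request above, and the new Caldera section in this same file (`cd docker/soarca && docker compose --profile caldera up -d`) omits it as well; whichever form is chosen, keep the two commands consistent, and if `sudo` is restored here, restore it in the Caldera snippet too.
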
@@ -72,6 +72,30 @@ curl -X POST -H "Content-Type: application/json" -d @./example/openc2-playbook.j
{{< /tab >}}
{{< /tabpane >}}

### Caldera setup

SOARCA optionally comes packaged together with Caldera. To use the
[Caldera capability](/docs/soarca-extensions/native-capabilities#caldera-capability), simply make
sure you use the right Compose file when running:

```diff
- cd docker/soarca && docker compose up -d
+ cd docker/soarca && docker compose --profile caldera up -d
```

{{% alert title="Warning" %}}
This only works when using Docker Compose to run SOARCA. When building SOARCA from scratch,
you should supply your own Caldera instance and [configure](#configuration) its URL manually.
{{% /alert %}}

{{% alert title="Warning" %}}
Note that Caldera in this mode operates with default credentials and settings. This is dangerous
for a public-facing setup and therefore not production-ready out of the box. You probably want
to consult the
[Caldera documentation on configuration](https://caldera.readthedocs.io/en/latest/Server-Configuration.html#configuration-file)
before deploying to production.
{{% /alert %}}

Comment on lines +75 to +98
Collaborator

We introduced the advanced installation & configuration; I think we should put this there.

## Configuration

SOARCA reads its configuration from the environment variables or a `.env` file. An example of a `.env` is given below:
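Review bot: the second warning tells readers that Caldera runs with default credentials but not what to change; since the compose file in this PR hardcodes `CALDERA_API_KEY: "ADMIN123"` in SOARCA's environment, rotating the key on the Caldera side alone breaks the integration. Add a sentence stating that the key must be changed in both Caldera's configuration and SOARCA's `CALDERA_API_KEY`. The collaborator's suggestion to move this section to the advanced installation & configuration page would also give that hardening advice a natural home.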
@@ -98,17 +122,31 @@ ENABLE_FINS: false
MQTT_BROKER: "localhost"
MQTT_PORT: 1883

CALDERA_HOST: "http://caldera.mydomain.com"
CALDERA_PORT: "8888"
CALDERA_API_KEY: "ADMIN123"

Collaborator

Maybe choose a bit longer password as this is easily crackable (I know someone needs to pick it themselves), but make it harder to guess.


HTTP_SKIP_CERT_VALIDATION: false
{{< /tab >}}
{{< /tabpane >}}


For more custom and advanced deployment instructions go [here](/docs/installation-configuration/_index.md).
### Docker hub

`docker pull cossas/soarca`
## Obtaining

There are several ways to obtain a copy of the SOARCA software.

### Docker Hub

A prebuilt image can be pulled from the
[Docker Hub](https://hub.docker.com/r/cossas/soarca):

```bash
docker pull cossas/soarca
```

### Building from Source
### Building from source

```bash
git clone https://github.com/COSSAS/SOARCA.git
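Review bot: the `.env` example gives `CALDERA_HOST: "http://caldera.mydomain.com"` with a scheme plus a separate `CALDERA_PORT`, while the compose file in this PR sets `CALDERA_HOST` to a bare hostname; document which form SOARCA expects. The example also repeats `CALDERA_API_KEY: "ADMIN123"`, the value the collaborator flags; a clearly fake placeholder such as `<your-caldera-api-key>` in the documentation stops users copying the default. The link `go [here](/docs/installation-configuration/_index.md)` targets a source path rather than a rendered URL; the earlier `/docs/soarca-extensions/native-capabilities` link in this file shows the form to match.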